
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 
Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.usptO.gov 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/067,403 



02/07/2002 



25319 7590 01/24/2006 

FREEDMAN & ASSOCIATES 
117 CENTREPOINTE DRIVE 
SUITE 350 

NEPEAN, ONTARIO, K2G 5X3 
CANADA 



Laurence Hamid 



12-72 US 



7278 



EXAMINER 



ABRISHAMKAR, KAVEH 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 01/24/2006 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 



Application No. 

10/067,403 



Examiner 

Kaveh Abrishamkar 



Applicants) 

HAM ID, LAURENCE 



Art Unit 

2131 



- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MO NTH (S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the maPing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
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DETAILED ACTION 



Response to Amendment 

1 . This action is in response to the amendment filed on November 1 , 2005. Claims 
1-21 were originally received for consideration. Per the received amendment, claims 2 
was cancelled, leaving claims 1, and 3-21 as currently pending examination. 



Response to Arguments 

2. Applicant's arguments filed November 1 , 2005 have been fully considered but 
they are not persuasive for the following reasons: 

Regarding amended claim 1, the applicant argues that the cited prior art (CPA), 
Lockhart et al. (U.S. Patent No. 6,230,272) does not teach the limitation, originally 
presented in claim 2, of encoding a same security data with several different data keys 
to provide several different encoded data such that a combination of user authorization 
and any of the several keys allows for retrieval and decoding. This argument is not 
found persuasive. Lockart uses a multipurpose data string to encrypt private keys 
(security data) which needs a user PIN or password to access (user authorization) 
(column 3 lines 6-22). Lockart discloses that a user can "use a different data string for 
another software application that is used on the computer" (column 5 lines 26-32). 
Therefore, a different data string can be used to encode different keys for the different 
software applications present on the computer. Therefore, it is asserted that the CPA 
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does teach "a same security data is encoded with said several different data keys to 
provide several different encoded secure data such that a combination of user 
authorization and any of said several different data keys allows for retrieval and 
decoding." 

Therefore, the rejection is maintained for the pending claims as given below. 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1-5 are rejected under 35 U.S.C. 102(e) as being anticipated by Lockhart 
US (6,230272). 

Regarding claim 1 : Lockhart discloses a method of securing security data stored on a 
computer system (see abstract) comprising the steps of: 

Providing one of several different data keys to the computer system; (Col 3, lines 

39-46) 



Application/Control Number: 10/067,403 Page 4 

Art Unit: 2131 

Transforming the security data with the data key in a reversible fashion to 
produce encoded secure data such that the data key is required in order to perform a 
reverse transform and extract the security data from the encoded secure data; and (Col 

4, lines 35^3) 

storing the encoded secure data in a fashion such that a user authorization 
process is used to retrieve the encoded secure data such that the data key and the user 
authorization process in combination, provide access to the security data and such that 
the stored data within the computer system is encoded. (Col 4, lines 43-45 and Col 4, 
lines 59-65), 

wherein a same security data is encoded with several different data keys to 
provide several different encoded secure data such that a combination of user 
authorization and any of a plurality of data keys allows for retrieval and decoding. (Col 

5, lines 22-32 and Col 5, lines 52-62). 

Regarding claim 3: Lockhart discloses the method of securing security data stored on a 
computer system according to claim 1 , wherein each encoded secure data is associated 
with one or more user authorization processes such that a combination of one or more 
user authorization processes and any of said several different data keys allows for 
retrieval and decoding. (Col 6, lines 8-24 and Col 7, lines 22-27) 

Regarding claim 4: Lockhart discloses the method of securing security data stored on a 
computer system according to claim 1 , wherein the user authorization process is a 
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biometric information verification process. ( Col 3, lines 45-49) 

Regarding claim 5: Lockhart discloses the method of securing security data stored on a 
computer system according to claim 1 , wherein the data keys include a password. ( Col 
4, lines 3-8) 

3. Claims 6-10, 13-15 and 18-21 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Bjorn US (6,035,398). 

Regarding claims 6,13 and 19: A method of securing security data stored on a computer 
system comprising: 

providing a biometric information source ( Col 5, lines 61-64) and comparing the 
biometric information source against stored templates associated with the biometric 
information source; ( Col 5, lines 64-68) and for, in dependence upon a comparison 
result pairing biometric information source with a first individual identity;( Col 6, lines 1- 

3); 

providing one of several different data keys associated with the first individual 
identity; (Col 6, lines 14-17) the one data key being other than stored on the computer 
system; (Col 6, lines 17-24); 

retrieving encoded security data associated with the biometric information, and 
using the one data key for decoding the encoded security data. (Col 8, lines 54-61), 
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wherein a same security data is encoded with several different data keys to 
provide several different encoded secure data such that a combination of user 
authorization and any of a plurality of data keys allows for retrieval and decoding. (Col 
5, lines 22-32 and Col 5, lines 52-62). 

Regarding claims 7 and 18: A method of securing security data stored on a computer 
system according to claim 6, wherein the decoded security data is for performing at 
least one of encrypting and decrypting data on the computer system. ( Col 8, line 66 
through Col 9, line 6) 

Regarding claim 8: A method of securing security data stored on a computer system 
according to claim 6, wherein the decoded security data is for allowing access of the 
data to the identified individual. (Col 9, lines 7-18) 

Regarding claim 9. A method of securing security data stored on a computer system 
according to claim 6, wherein the step of accepting biometric information source 
comprises imaging the biometric information source using a contact imager. (Col 3, 
lines 4-1 1 and Col 4, lines 4-1 1 ) 
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Regarding claim 10: A method of securing security data stored on a computer system 
according to claim 9, wherein the contact imager is a fingerprint imager. (Col 3, lines 4- 
11 and Col 4, lines 4-11) 

Regarding claims 14 and 21: Bjorn discloses the method of securing data as defined in 
claim 13, wherein the step of providing a first information sample to a computer system 
comprises: hashing the first information sample to produce a first hash value. (Col 3, 
lines 44-59) 

Regarding claim 15: Bjorn doesn't disclose the method of securing data as defined in 
claim 13, comprising: 

providing a second other information sample to the computer system; hashing the 
second information sample to produce a second hash value; encoding the key data in 
dependence upon the second hash value to produce second security data; and 
securing the second security data in dependence upon at least one of the at least one 
biometric information sample. 

Regarding claim 15: Bjorn discloses the method of securing data as defined in claim 
13, comprising: 
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providing a second other information sample to the computer system; (Col 3, lines 

28-36) 

hashing the second information sample to produce a second hash value; (Col 3, 
lines 44-46) 

encoding the key data in dependence upon the second hash value to produce 
second security data; and ( Col 3, lines 54-65) 

securing the second security data in dependence upon at least one of the at least 
one biometric information sample.( Col 4, lines 8-20) 

Regarding claim 20: Bjorn discloses the method of securing data according to claim 19, 
comprises the steps of: providing a first information sample to a computer system for 
decoding the encoded biometric sample; (Col 4, lines 60-63 and item 340 of FIG. 3) and 
comparing the decoded biometric sample against stored templates associated with the 
biometric information source. ( Col 4, lines 64-67 and item 345 of FIG. 3) 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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5. Claims 11,12,16, and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Bjorn US (6,035,398) in view of Gressel US (6,31 1 ,272). 

Regarding claims 1 1 and 16: Bjorn disclose the method of securing security data stored 
on a computer system according to claim 6, wherein the step of providing the data key 
comprises the step of providing a public/private key pair (Col 8, lines 54-61) but he 
doesn't explicitly disclose the step of providing the data key comprises the step of 
providing, however Gressel discloses a biometric authentication system where he 
teaches the using of a password or a shared secret to retrieve and decrypt decryption 
key stored on memory using biometric techniques ( Col 5, lines 56-65) . Therefore it 
would have been obvious to one ordinary skilled in the art at the time the invention was 
made to modify Bjorn system with the teachings of Gressel to include provide a 
password through the authentication process. One would be motivated to do so in order 
to enable the system to provide the decryption key to the user by authenticating the 
user using a password or PIN that is usually easier for the user to remember and 
keeping the decryption key in a secure area. 

Regarding claims 12 and 17: Bjorn discloses the method of securing security data 
stored on a computer system according to claim 6, wherein the step of providing the 
data key comprises the step of providing information stored on a database but he 
doesn't explicitly disclose the step of providing the data key comprises the step of 
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providing information stored on smart card. However, Gressel discloses a biometric 
authentication system where he teaches storing decryption key on a smart card and 
using a shared key to retrieve and decrypt decryption key stored on the smart card (Col 
3, Lines 50-55 and Col 8, lines 28-38). Therefore it would have been obvious to one 
ordinary skilled in the art at the time the invention was made to modify Bjorn invention 
with the teachings of Gressel to provide a data key stored the smart card. One would be 
motivated to do so in order to eliminate any possibility of the decryption key being 
compromised during operation and to provide higher degree of security against physical 
attacks. Additionally using the smart card enables the system to provide a higher 
degree of mobility for the users. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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